Open mend-bolt-for-github[bot] opened 8 months ago
Library home page: https://www.apache.org/
Path to dependency file: /swagger-client/jaxrs-resteasy-eap/pom.xml
Path to vulnerable library: /swagger-client/jaxrs-resteasy-eap/pom.xml
Dependency Hierarchy: - resteasy-multipart-provider-3.15.6.Final.jar (Root Library) - apache-mime4j-dom-0.8.9.jar - :x: **apache-mime4j-core-0.8.9.jar** (Vulnerable Library)
Found in HEAD commit: 0879348474e22463e77dc76ba5e5f7e6300a2b6c
Found in base branch: master
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.
Publish Date: 2024-02-27
URL: CVE-2024-21742
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: None
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-21742
Release Date: 2024-02-27
Fix Resolution (org.apache.james:apache-mime4j-core): 0.8.10
Direct dependency fix Resolution (org.jboss.resteasy:resteasy-multipart-provider): 4.5.10.Final
Step up your Open Source Security Game with Mend here
CVE-2024-21742 - Critical Severity Vulnerability
Library home page: https://www.apache.org/
Path to dependency file: /swagger-client/jaxrs-resteasy-eap/pom.xml
Path to vulnerable library: /swagger-client/jaxrs-resteasy-eap/pom.xml
Dependency Hierarchy: - resteasy-multipart-provider-3.15.6.Final.jar (Root Library) - apache-mime4j-dom-0.8.9.jar - :x: **apache-mime4j-core-0.8.9.jar** (Vulnerable Library)
Found in HEAD commit: 0879348474e22463e77dc76ba5e5f7e6300a2b6c
Found in base branch: master
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.
Publish Date: 2024-02-27
URL: CVE-2024-21742
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-21742
Release Date: 2024-02-27
Fix Resolution (org.apache.james:apache-mime4j-core): 0.8.10
Direct dependency fix Resolution (org.jboss.resteasy:resteasy-multipart-provider): 4.5.10.Final
Step up your Open Source Security Game with Mend here